Vous pensez être infecté, des pubs s'affichent quand vous naviguez sur internet ?
Perte de données, ralentissement système, virus USB ?
Désinfectez votre ordinateur gratuitement !
  • Avatar du membre
  • Avatar du membre
Avatar du membre
par narkin
#134233
En faite j'avais réformater le Pc il y a un moment. Et depuis il a pas trop trop était utiliser car bug toujours. A l'instant. Gros gros ralentissement. à‰cran qui se fige et un BIP comme quand on accède au bios.. J'suis obligé de l'éteindre par le bouton. Je redémarre et t'envoie le rapport.
Avatar du membre
par narkin
#134248
Autre soucis, je viens de redemarrer et le centre de securité m'indique que avira n'est pas actif, alors qu'il l'est bien et qu'il fonctionne correctement là . Petite question, est il consillé d'activer ou désactiver windows defender ? (il es desactivé chez moi.)

Voilà  le rapport :
Code: Tout sélectionner
~ Rapport de ZHPDiag v2014.4.23.42 - Nicolas Coolman (23/04/2014)
~ Lancé par Françoise (23/04/2014 17:35:19)
~ Adresse du Site Web http://nicolascoolman.webs.com" onclick="window.open(this.href);return false;
~ Forums gratuits d'Assistance à  la désinfection : http://nicolascoolman.webs.com/apps/links/" onclick="window.open(this.href);return false;
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 2.0.1.1004

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1021 MB (19% free)
System Restore: Activé (Enable)
System drive C: has 100 GB (69%) free of 144 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-FRANà‡OISE
~ User Name: Françoise
~ All Users Names: Françoise, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Françoise\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Françoise\AppData\Roaming\
~ %Desktop% : C:\Users\Françoise\Desktop\
~ %Favorites% : C:\Users\Françoise\Favorites\
~ %LocalAppData% : C:\Users\Françoise\AppData\Local\
~ %StartMenu% : C:\Users\Françoise\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 100 Go of 144 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 00:02:07.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 05s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1115
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/10
~ Mon Bureau (My Desktop) : 1/2
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.6140]
[MD5.D8FECDAC9ECD60AA8A97D35EF14E6280] - (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [180304] [PID.6160]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.6176]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.6960]
[MD5.1305B94364F8F8F80DCD0E22E64E267A] - (.Avira Operations GmbH & Co. KG - In Product Messaging Application.) -- C:\program files\avira\antivir desktop\ipmGui.exe [467000] [PID.3972]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1140]
[MD5.D998FA33E11467D43A9BB7E9D3BAD124] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7867392] [PID.3768]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.672]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5156]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.6360]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.6408]
[MD5.A8C043670699C956D56B9F1F3DAEFC98] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 179.9.) -- C:\Windows\system32\nvvsvc.exe [203296] [PID.1228]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1036]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400] [PID.2080]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1364]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1876]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1924]
[MD5.9EE919B88977505BC3AFD499AC2DD59B] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431] [PID.2052]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2208]
[MD5.CDA0BC78672B50C43649FF34E1FD0FF8] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3040]
[MD5.BBE2FDDC6F2423016DE36428083B7280] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [122448] [PID.3112]
[MD5.0185BC0BEBAD66241C2B31E88D6F1F1F] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877] [PID.3416]
[MD5.7DFF82ACDAB23414ABC2A95FEF8982F8] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792] [PID.3464]
[MD5.198FF60A42802C319FBA58FDB13EEE49] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528] [PID.3568]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.4404]
[MD5.F8D3544ACBCE9110362119F7C10D848E] - (.Microsoft Corporation - wpffontcache_v0400.exe.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [770168] [PID.3052]
[MD5.D6B25A2A39547DD835E730BEF97FC1E0] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984] [PID.3388]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d‚installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.5904]
~ Processes Running: Scanned in 00mn 09s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\t0lg9fyi.default\prefs.js
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\t0lg9fyi.default\user.js
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Avira.lnk . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: QuickPlay Manager.lnk . (.CyberLink Corp. - HP QuickPlay Manage Program.) -- C:\Program Files\HP\QuickPlay\QPManager.exe
O4 - GS\Program [Public]: QuickPlay.lnk . (.CyberLink Corp. - HP QuickPlay.) -- C:\Program Files\HP\QuickPlay\QP.exe
O4 - GS\QuickLaunch [Françoise]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Françoise]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Françoise]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 53 Legitimates Filtered in 00mn 14s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-708976647-1072138664-3611824342-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
~ Services: 13 Legitimates Filtered in 00mn 12s



---\\ Tà¢ches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Françoise\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\WINDOWS\Tasks\MySearchDial.job [306] =>Adware.MyWebSearch
~ Scheduled Task: 6 Legitimates Filtered in 00mn 06s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\InstalledThirdPartyPrograms]
[HKLM\Software\InstalledThirdPartyPrograms]
~ Key Software: 152 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\suprasavings =>PUP.SupraSavings
O43 - CFD: 16/06/2012 - 17:20:24 - [] ----D C:\ProgramData\IM
O43 - CFD: 16/06/2012 - 17:18:49 - [] ----D C:\ProgramData\IncrediMail
~ Program Folder: 127 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BA99DE81846F2E9093269E6013C94524] - 09/04/2014 - 21:47:09 ---A- . (...) -- C:\malwarebyte.txt [1256]
~ Files: 32 Legitimates Filtered in 02mn 47s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteraid.sys [35944]
O58 - SDL:15/11/2006 - 18:16:24 ---A- . (.REDC - RICOH MMC Driver.) -- C:\WINDOWS\System32\Drivers\rimmptsk.sys [32256]
O58 - SDL:15/11/2006 - 13:42:46 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\System32\Drivers\rimsptsk.sys [43520]
O58 - SDL:15/11/2006 - 11:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:25/02/2014 - 14:05:01 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\WINDOWS\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\WINDOWS\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\WINDOWS\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\WINDOWS\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\WINDOWS\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\WINDOWS\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\WINDOWS\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\WINDOWS\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\WINDOWS\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\WINDOWS\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\WINDOWS\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\WINDOWS\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\WINDOWS\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\WINDOWS\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 01mn 08s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com" onclick="window.open(this.href);return false; =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {B6F5812C-1903-4EB3-82FE-6E34791CFB51} - (Yahoo! France) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à  la racine du système (SPRF) (O84)
[MD5.82E5406B9FF01617864247CF544ED313] [SPRF][11/04/2014] (...) -- C:\ProgramData\nvModes.dat [48246]
[MD5.25645B4B8BF32D2647B7D0B59ABA62EA] [SPRF][16/06/2012] (...) -- C:\Users\Françoise\AppData\Roaming\nvModes.dat [13213]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 26/06/2006 126976 | (AddFiltr) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
SS - | Demand 10/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/02/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 05/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/02/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 15/04/2014 122448 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 24/11/2006 270431 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SR - | Auto 24/11/2006 118877 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 21/01/2010 370792 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 04/12/2006 58984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2010 167528 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 24/06/2009 203296 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 10/07/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\WINDOWS\System32\DRIVERS\xaudio.exe
~ Services: Scanned in 00mn 18s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (23/04/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\suprasavings =>PUP.SupraSavings^
C:\WINDOWS\Tasks\MySearchDial.job =>Adware.MyWebSearch^
~ Additionnel Scan: 204425 Items scanned in 00mn 53s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch" onclick="window.open(this.href);return false; =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak" onclick="window.open(this.href);return false; =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings" onclick="window.open(this.href);return false; =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr" onclick="window.open(this.href);return false; =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon" onclick="window.open(this.href);return false; =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox" onclick="window.open(this.href);return false; =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods" onclick="window.open(this.href);return false; =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s



~ 615 Legitimates filtered by white list
End of the scan (405 lines in 07mn 30s)(0)
Avatar du membre
par Evasion60
#134260
:hello: Re
... Gros gros ralentissement. à‰cran qui se fige et un BIP comme quand on accède au bios.. J'suis obligé de l'éteindre par le bouton ...
/!\ A ce niveau, écran bloqué + Bip au plantage, indiquent une future panne Matériel ou une surchauffe du portable :(

Défragmente ton disque dur !
Poste de Travail // Clic droit sur le Volume C:\ // Outil => Défragmenter

Je regarderai ton ZHPDiag plus tard ;)

Edité 17H59 =>
Ton rapport ZHPDiag est incomplet !
Avatar du membre
par narkin
#134291
Bizarre, je reposte en copiant bien tout :
Code: Tout sélectionner
~ Rapport de ZHPDiag v2014.4.23.42 - Nicolas Coolman (23/04/2014)
~ Lancé par Françoise (23/04/2014 17:35:19)
~ Adresse du Site Web http://nicolascoolman.webs.com" onclick="window.open(this.href);return false;
~ Forums gratuits d'Assistance à  la désinfection : http://nicolascoolman.webs.com/apps/links/" onclick="window.open(this.href);return false;
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 2.0.1.1004

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1021 MB (19% free)
System Restore: Activé (Enable)
System drive C: has 100 GB (69%) free of 144 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-FRANà‡OISE
~ User Name: Françoise
~ All Users Names: Françoise, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Françoise\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Françoise\AppData\Roaming\
~ %Desktop% : C:\Users\Françoise\Desktop\
~ %Favorites% : C:\Users\Françoise\Favorites\
~ %LocalAppData% : C:\Users\Françoise\AppData\Local\
~ %StartMenu% : C:\Users\Françoise\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 100 Go of 144 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 00:02:07.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 05s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1115
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/10
~ Mon Bureau (My Desktop) : 1/2
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.6140]
[MD5.D8FECDAC9ECD60AA8A97D35EF14E6280] - (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [180304] [PID.6160]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.6176]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.6960]
[MD5.1305B94364F8F8F80DCD0E22E64E267A] - (.Avira Operations GmbH & Co. KG - In Product Messaging Application.) -- C:\program files\avira\antivir desktop\ipmGui.exe [467000] [PID.3972]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1140]
[MD5.D998FA33E11467D43A9BB7E9D3BAD124] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7867392] [PID.3768]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.672]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5156]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.6360]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.6408]
[MD5.A8C043670699C956D56B9F1F3DAEFC98] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 179.9.) -- C:\Windows\system32\nvvsvc.exe [203296] [PID.1228]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1036]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400] [PID.2080]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1364]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1876]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1924]
[MD5.9EE919B88977505BC3AFD499AC2DD59B] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431] [PID.2052]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2208]
[MD5.CDA0BC78672B50C43649FF34E1FD0FF8] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3040]
[MD5.BBE2FDDC6F2423016DE36428083B7280] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [122448] [PID.3112]
[MD5.0185BC0BEBAD66241C2B31E88D6F1F1F] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877] [PID.3416]
[MD5.7DFF82ACDAB23414ABC2A95FEF8982F8] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792] [PID.3464]
[MD5.198FF60A42802C319FBA58FDB13EEE49] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528] [PID.3568]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.4404]
[MD5.F8D3544ACBCE9110362119F7C10D848E] - (.Microsoft Corporation - wpffontcache_v0400.exe.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [770168] [PID.3052]
[MD5.D6B25A2A39547DD835E730BEF97FC1E0] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984] [PID.3388]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d&#130;installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.5904]
~ Processes Running: Scanned in 00mn 09s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\t0lg9fyi.default\prefs.js
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\t0lg9fyi.default\user.js
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Avira.lnk . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: QuickPlay Manager.lnk . (.CyberLink Corp. - HP QuickPlay Manage Program.) -- C:\Program Files\HP\QuickPlay\QPManager.exe
O4 - GS\Program [Public]: QuickPlay.lnk . (.CyberLink Corp. - HP QuickPlay.) -- C:\Program Files\HP\QuickPlay\QP.exe
O4 - GS\QuickLaunch [Françoise]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Françoise]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Françoise]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 53 Legitimates Filtered in 00mn 14s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-708976647-1072138664-3611824342-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
~ Services: 13 Legitimates Filtered in 00mn 12s



---\\ Tà¢ches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Françoise\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\WINDOWS\Tasks\MySearchDial.job [306] =>Adware.MyWebSearch
~ Scheduled Task: 6 Legitimates Filtered in 00mn 06s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\InstalledThirdPartyPrograms]
[HKLM\Software\InstalledThirdPartyPrograms]
~ Key Software: 152 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\suprasavings =>PUP.SupraSavings
O43 - CFD: 16/06/2012 - 17:20:24 - [] ----D C:\ProgramData\IM
O43 - CFD: 16/06/2012 - 17:18:49 - [] ----D C:\ProgramData\IncrediMail
~ Program Folder: 127 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BA99DE81846F2E9093269E6013C94524] - 09/04/2014 - 21:47:09 ---A- . (...) -- C:\malwarebyte.txt [1256]
~ Files: 32 Legitimates Filtered in 02mn 47s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteraid.sys [35944]
O58 - SDL:15/11/2006 - 18:16:24 ---A- . (.REDC - RICOH MMC Driver.) -- C:\WINDOWS\System32\Drivers\rimmptsk.sys [32256]
O58 - SDL:15/11/2006 - 13:42:46 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\System32\Drivers\rimsptsk.sys [43520]
O58 - SDL:15/11/2006 - 11:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:25/02/2014 - 14:05:01 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\WINDOWS\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\WINDOWS\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\WINDOWS\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\WINDOWS\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\WINDOWS\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\WINDOWS\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\WINDOWS\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\WINDOWS\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\WINDOWS\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\WINDOWS\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\WINDOWS\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\WINDOWS\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\WINDOWS\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\WINDOWS\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 01mn 08s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com" onclick="window.open(this.href);return false; =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {B6F5812C-1903-4EB3-82FE-6E34791CFB51} - (Yahoo! France) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à  la racine du système (SPRF) (O84)
[MD5.82E5406B9FF01617864247CF544ED313] [SPRF][11/04/2014] (...) -- C:\ProgramData\nvModes.dat [48246]
[MD5.25645B4B8BF32D2647B7D0B59ABA62EA] [SPRF][16/06/2012] (...) -- C:\Users\Françoise\AppData\Roaming\nvModes.dat [13213]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 26/06/2006 126976 | (AddFiltr) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
SS - | Demand 10/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/02/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 05/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/02/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 15/04/2014 122448 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 24/11/2006 270431 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SR - | Auto 24/11/2006 118877 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 21/01/2010 370792 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 04/12/2006 58984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2010 167528 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 24/06/2009 203296 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 10/07/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\WINDOWS\System32\DRIVERS\xaudio.exe
~ Services: Scanned in 00mn 18s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (23/04/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\suprasavings =>PUP.SupraSavings^
C:\WINDOWS\Tasks\MySearchDial.job =>Adware.MyWebSearch^
~ Additionnel Scan: 204425 Items scanned in 00mn 53s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch" onclick="window.open(this.href);return false; =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak" onclick="window.open(this.href);return false; =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings" onclick="window.open(this.href);return false; =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr" onclick="window.open(this.href);return false; =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon" onclick="window.open(this.href);return false; =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox" onclick="window.open(this.href);return false; =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods" onclick="window.open(this.href);return false; =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s



~ 615 Legitimates filtered by white list
End of the scan (405 lines in 07mn 30s)(0)
Avatar du membre
par Evasion60
#134438
:hello: Yep

/!\ Merci de lire mes demandes :(
- Défragmenter le disque
- Un rapport complet de ZHPDiag
---\\ Mode de connexion au système
~ Computer Name: PC-DE-FRANà‡OISE
~ User Name: Françoise
~ All Users Names: Françoise, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
@+ :)
Avatar du membre
par narkin
#134471
La défragmentation est en cours, par contre pour le rapport je comprend pas j'ai lancé le programme, attendu la fin et copié le rapport ?? Il y a des choses spécial à  faire ?
Avatar du membre
par narkin
#134522
Defragmentation faite, voila a nouveau un rapport

Code: Tout sélectionner
~ Rapport de ZHPDiag v2014.4.23.42 - Nicolas Coolman (23/04/2014)
~ Lancé par Françoise (23/04/2014 21:14:18)
~ Adresse du Site Web http://nicolascoolman.webs.com" onclick="window.open(this.href);return false;
~ Forums gratuits d'Assistance à  la désinfection : http://nicolascoolman.webs.com/apps/links/" onclick="window.open(this.href);return false;
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.3.350
Malwarebytes Anti-Malware version 2.0.1.1004

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1021 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 95 GB (65%) free of 144 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-FRANà‡OISE
~ User Name: Françoise
~ All Users Names: Françoise, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Françoise\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Françoise\AppData\Roaming\
~ %Desktop% : C:\Users\Françoise\Desktop\
~ %Favorites% : C:\Users\Françoise\Favorites\
~ %LocalAppData% : C:\Users\Françoise\AppData\Local\
~ %StartMenu% : C:\Users\Françoise\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 144 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 00:02:07.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1115
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/8
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.6140]
[MD5.D8FECDAC9ECD60AA8A97D35EF14E6280] - (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [180304] [PID.6160]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.6176]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.6960]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5156]
[MD5.D998FA33E11467D43A9BB7E9D3BAD124] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7867392] [PID.6104]
[MD5.A8C043670699C956D56B9F1F3DAEFC98] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 179.9.) -- C:\Windows\system32\nvvsvc.exe [203296] [PID.1228]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1036]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1140]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400] [PID.2080]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1364]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1876]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1924]
[MD5.9EE919B88977505BC3AFD499AC2DD59B] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431] [PID.2052]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2208]
[MD5.CDA0BC78672B50C43649FF34E1FD0FF8] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3040]
[MD5.BBE2FDDC6F2423016DE36428083B7280] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [122448] [PID.3112]
[MD5.0185BC0BEBAD66241C2B31E88D6F1F1F] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877] [PID.3416]
[MD5.7DFF82ACDAB23414ABC2A95FEF8982F8] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792] [PID.3464]
[MD5.198FF60A42802C319FBA58FDB13EEE49] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528] [PID.3568]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.4404]
[MD5.F8D3544ACBCE9110362119F7C10D848E] - (.Microsoft Corporation - wpffontcache_v0400.exe.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [770168] [PID.3052]
[MD5.D6B25A2A39547DD835E730BEF97FC1E0] - (.Hewlett-Packard - HP Health Check Service.) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984] [PID.3388]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\t0lg9fyi.default\prefs.js
C:\Users\Françoise\AppData\Roaming\Mozilla\Firefox\Profiles\t0lg9fyi.default\user.js
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Avira.lnk . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: QuickPlay Manager.lnk . (.CyberLink Corp. - HP QuickPlay Manage Program.) -- C:\Program Files\HP\QuickPlay\QPManager.exe
O4 - GS\Program [Public]: QuickPlay.lnk . (.CyberLink Corp. - HP QuickPlay.) -- C:\Program Files\HP\QuickPlay\QP.exe
O4 - GS\QuickLaunch [Françoise]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Françoise]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Françoise]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 55 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-708976647-1072138664-3611824342-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{F6245297-8F82-40D7-A698-6007E04330F9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
~ Services: 13 Legitimates Filtered in 00mn 09s



---\\ Tà¢ches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Françoise\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
O39 - APT: MySearchDial - (...) -- C:\WINDOWS\Tasks\MySearchDial.job [306] =>Adware.MyWebSearch
~ Scheduled Task: 6 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\InstalledThirdPartyPrograms]
[HKLM\Software\InstalledThirdPartyPrograms]
~ Key Software: 152 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\003 =>PUP.AdPeak
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\suprasavings =>PUP.SupraSavings
O43 - CFD: 16/06/2012 - 17:20:24 - [] ----D C:\ProgramData\IM
O43 - CFD: 16/06/2012 - 17:18:49 - [] ----D C:\ProgramData\IncrediMail
~ Program Folder: 127 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BA99DE81846F2E9093269E6013C94524] - 09/04/2014 - 21:47:09 ---A- . (...) -- C:\malwarebyte.txt [1256]
~ Files: 32 Legitimates Filtered in 00mn 04s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\WINDOWS\System32\Drivers\iteraid.sys [35944]
O58 - SDL:15/11/2006 - 18:16:24 ---A- . (.REDC - RICOH MMC Driver.) -- C:\WINDOWS\System32\Drivers\rimmptsk.sys [32256]
O58 - SDL:15/11/2006 - 13:42:46 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\System32\Drivers\rimsptsk.sys [43520]
O58 - SDL:15/11/2006 - 11:35:20 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\System32\Drivers\rixdptsk.sys [37376]
O58 - SDL:25/02/2014 - 14:05:01 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\WINDOWS\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\WINDOWS\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\WINDOWS\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\WINDOWS\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\WINDOWS\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\WINDOWS\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\WINDOWS\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\WINDOWS\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\WINDOWS\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\WINDOWS\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\WINDOWS\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\WINDOWS\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\WINDOWS\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\WINDOWS\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\WINDOWS\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\WINDOWS\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 16s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com" onclick="window.open(this.href);return false; =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {B6F5812C-1903-4EB3-82FE-6E34791CFB51} - (Yahoo! France) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à  la racine du système (SPRF) (O84)
[MD5.82E5406B9FF01617864247CF544ED313] [SPRF][23/04/2014] (...) -- C:\ProgramData\nvModes.dat [48246]
[MD5.25645B4B8BF32D2647B7D0B59ABA62EA] [SPRF][16/06/2012] (...) -- C:\Users\Françoise\AppData\Roaming\nvModes.dat [13213]
[MD5.3394D76136184C57831A4CE8B2AAA4BF] [SPRF][11/04/2014] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Users\Françoise\Desktop\SFTGC.exe [1057156]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 26/06/2006 126976 | (AddFiltr) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
SS - | Demand 10/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/02/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 05/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/02/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 15/04/2014 122448 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
SR - | Auto 24/11/2006 270431 | (CLCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
SR - | Auto 24/11/2006 118877 | (CLSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
SR - | Auto 21/01/2010 370792 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 04/12/2006 58984 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 19/10/2006 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 21/01/2010 167528 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 24/06/2009 203296 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\System32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 10/07/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\WINDOWS\System32\DRIVERS\xaudio.exe
~ Services: Scanned in 00mn 17s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog" onclick="window.open(this.href);return false;
Run by Françoise at 23/04/2014 21:16:52
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (23/04/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
C:\Program Files\003 =>PUP.AdPeak^
C:\Program Files\suprasavings =>PUP.SupraSavings^
C:\WINDOWS\Tasks\MySearchDial.job =>Adware.MyWebSearch^
~ Additionnel Scan: 204384 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch" onclick="window.open(this.href);return false; =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/42126939-pup-adpeak" onclick="window.open(this.href);return false; =>PUP.AdPeak
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings" onclick="window.open(this.href);return false; =>PUP.SupraSavings
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr" onclick="window.open(this.href);return false; =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon" onclick="window.open(this.href);return false; =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox" onclick="window.open(this.href);return false; =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods" onclick="window.open(this.href);return false; =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s



~ 617 Legitimates filtered by white list
End of the scan (416 lines in 03mn 10s)(0)
Avatar du membre
par Evasion60
#134576
:hello: Re

Applique ce correctif =>

Ouvre le bloc-notes
Sélectionne et copie dedans le script ci dessous =>
Code: Tout sélectionner
Script ZHPFix
ShortcutFix
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\Françoise\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
O39 - APT: MySearchDial - (...) -- C:\WINDOWS\Tasks\MySearchDial.job [306]
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\003
O43 - CFD: 09/04/2014 - 22:46:36 - [0] ----D C:\Program Files\suprasavings
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com" onclick="window.open(this.href);return false;
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
[HKLM\Software\Classes\AppID\escort.dll]
[HKLM\Software\Classes\AppID\escortapp.dll]
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
[HKLM\Software\Classes\AppID\escorTlbr.DLL]
C:\Program Files\003
C:\Program Files\suprasavings
C:\WINDOWS\Tasks\MySearchDial.job
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
[HKCU\Software\IncrediMail]
[HKCU\Software\InstalledThirdPartyPrograms]
[HKLM\Software\InstalledThirdPartyPrograms]
O43 - CFD: 16/06/2012 - 17:20:24 - [] ----D C:\ProgramData\IM
O43 - CFD: 16/06/2012 - 17:18:49 - [] ----D C:\ProgramData\IncrediMail
FirewallRAZ
EmptyCLSID
Emptytemp
EmptyFlash
Double-clique sur le raccourci du programme "ZHPFix" qui est sur ton bureau

Image

Dans l'interface du logiciel qui s'est ouvert, clique sur "Importer" pour coller le Script ZHPFix

Image

Si le script n'est pas conforme
Un avertissement s'affiche
Le script doit comporter obligatoirement comme première ligne Script ZHPFix

Image

Vérifie que le script dans ZHPFix correspond aux lignes précédentes
Clique sur le bouton GO » pour lancer le nettoyage
Confirme ce nettoyage en cliquant sur "OUI"

/!\ Ce traitement peut durer jusqu'à  plusieurs minutes avant le nettoyage proprement dit des lignes du script
Le nettoyage s'effectue, ne touche à  rien pendant cette étape, si le programme demande un redémarrage du pc fait le
A l'issue un rapport ZHPFix.txt s'affiche dans la zone de rapport de l'interface et dans le bloc note Windows
Le rapport est aussi sauvegardé sur le Bureau Windows et dans le dossier : C\User\nomxxx\AppData\Roaming\ZHP\ZHPFix.txt

Poste le contenu de ce rapport par un copier/coller dans ta réponse sur le forum
Ferme ZHPFix et le bloc note par la croix rouge en haut à  droite des deux fenêtres

;)
Avatar du membre
par narkin
#134700
Voilà  le rapport
Code: Tout sélectionner
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Françoise at 24/04/2014 10:34:55
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)

Corbeille vidée (00mn 13s)
Réparation des raccourcis navigateur

========== Clés du Registre ==========
SUPPRIMà‰: O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe
SUPPRIMà‰: SearchScopes :{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
SUPPRIMà‰: HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
SUPPRIMà‰: HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
SUPPRIMà‰: HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
SUPPRIMà‰: HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
SUPPRIMà‰: HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
SUPPRIMà‰: HKLM\Software\Classes\AppID\escort.dll
SUPPRIMà‰: HKLM\Software\Classes\AppID\escortapp.dll
SUPPRIMà‰: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
SUPPRIMà‰: HKLM\Software\Classes\AppID\escorTlbr.DLL
SUPPRIMà‰: HKCU\Software\IncrediMail
SUPPRIMà‰: HKCU\Software\InstalledThirdPartyPrograms
SUPPRIMà‰: HKLM\Software\InstalledThirdPartyPrograms

========== Valeurs du Registre ==========
SUPPRIMà‰ RunValue: WindowsWelcomeCenter
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide
SUPPRIMà‰S Temporaires Windows (71)
SUPPRIMà‰S Flash Cookies (1)

========== Fichiers ==========
SUPPRIMà‰S Temporaires Windows (7) (81 624 octets)
SUPPRIMà‰S Flash Cookies (0) (0 octets)

========== Tache planifiée ==========
SUPPRIMà‰: MySearchDial
Avatar du membre
par Evasion60
#134701
:hello: Bonjour Narkin

/!\ Avant de terminer, passe ce scanner =>
  • Télécharge ESET Online Scanner (de ESET) sur ton bureau.
  • Lance ESET Online Scanner, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
  • Coche "Oui, j'accepte les condiftions d'utilisation"
  • Clic sur Démarrer
  • Laisse cocher la case "Supprimer menaces détectés"
  • Coche "Analyser les archives"

    Note : Tout les éléments néfastes seront supprimés automatiquement
  • Si aucune menace n'est détectée :
    • Dit le moi simplement dans ta réponse.
  • Si des menaces sont détectés :
    • Clique sur "Liste des menaces détectées"
    • Clique sur Exporter vers ...
    • Copie et colle le contenue du rapport sur le forum.
~~ Aide en Image ~~

A te lire avec son rapport
:)

bonsoir oki pour la fermeture je m'en charge car[…]

how to clean junk files

Hello don't use this program , it's a bullshit :)

Bonjour https://www.aht.li/3213847/AdsFix.exe b[…]

De rien Bon WE :)